<?php session_start(); ?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Parent Informer RCSHS - Pending Approval </title>

<link rel=stylesheet href="../../../css-layouts/themes/defaulttheme.css" type="text/css">
<link rel=stylesheet href="../../../css-layouts/headlinks.css" type="text/css">

</head>

<body>

<div id="mainhead"><br><br><br></div>
<br>
<br>

<?php 

 require_once("../../../sqlconfig.php");
 require_once("../../lib/recaptchalib.php");
 //Use SHA-256 Encryption :))
 require_once("../../lib/sha256.php");
 $catchprivkey = "6Leo8MMSAAAAAPzo-T0d9LATOZOa0GlCiETts8wH";

 //Connect to MySQL and connect to the database
 mysql_connect($server, $sqlusr, $sqlpass) or die(mysql_error()); 
 mysql_select_db($mydb) or die(mysql_error()); 

 /**
  * This page uses error codes for use in $_SESSION['penderr'].
  * Numbers are assigned to it depending on the user's error. All
  * errors would make the user redirect to another page
  * named pend_atmpt.php to again retry.
  *
  * ERROR CODES (For use with $_SESSION['penderr']:
  * CODE 1: No input in one or more fields
  * CODE 2: E-mail address does not match the preset format.
  * CODE 3: Passwords does not match
  * CODE 4: Desired username was already requested by another
  *         user
  * CODE 5: Desired username already exists in the database
  * CODE 6: Incorrect CAPTCHA input
  * 
  *
  *
  * The following conditon tests whether there were
  * stored cookies (both) in the user's computer.
  * If there is, test for cookie values
  * and compare them to the database. If so,
  * redirect them to the main page.
  *
  * If there was no cookie, or one of them is missing, then
  * evaluate input from if submitted from externalaffairs/newaccts.php
  */
 if(isset($_COOKIE["parentinformerprcshs"]) && isset($_COOKIE["parentinformerurcshs"])) { 
  $username = $_COOKIE["parentinformerprcshs"]; 
  $pass = $_COOKIE["parentinformerurcshs"];
  $check = mysql_query("SELECT * FROM logtbl WHERE usernm = '".$username."'") or die(mysql_error());
  while($info=mysql_fetch_array($check)) {
   if ($pass!=$info['pwrnd']) {
    header("Location: ../../logerr_atmpt.php");
   }
   else {
    header("Location: ../../../");
   }
  }
 }

 /**
  * This statement saves the inputted username and password
  * in the table pendaccts and not directly to the logtbl
  * table. An administrator must first accept the request
  * before it could be transferred to the main user database.
  */  
 else { 

  /**
   * The following condition checks whether all of
   * the fields in newaccnt.php were filed up
   * completely. If not, a notice would be posted.
   */
  if(isset($_POST['submitbtn'])) {

   if(empty($_POST['desusrnm']) || empty($_POST['despaswrd']) || empty($_POST['despriv']) || empty($_POST['comnt'])) {
    $_SESSION['penderr'] = 1;
    header("Location: pend_atmpt.php");
    die();
   }

   if($_POST['despaswrd'] !== $_POST['confpaswrd']) {
    $_SESSION['penderr'] = 3;
    header("Location: pend_atmpt.php");
    die();
   }
 
   if (!preg_match("/^[^@]*@[^@]*\.[^@]*$/", $_POST['mymail'])) {
    $_SESSION['penderr'] = 2;
    header("Location: pend_atmpt.php");
    die();
   }

   if($_POST['despriv']>3) {
    echo "You have an illegal privilege selection. Your IP address will be<br>";
    echo "recorded to remotely deter malicious events. Please bear with us.<br>";
    echo "Thank you!<br>";
    die();
   }

   $docheckusrpend = mysql_query("SELECT * FROM pendaccts") or die(mysql_error());
   $docheckusrlog = mysql_query("SELECT * FROM logtbl") or die(mysql_error());
   
   while($passverpend=mysql_fetch_array($docheckusrpend)) {
    if ($_POST['desusrnm']==$passverpend['desusr']) {
     $_SESSION['penderr'] = 4;
     header("Location: pend_atmpt.php");
     die();
    }
   }

   while($passverlog=mysql_fetch_array($docheckusrlog)) {
    if ($_POST['desusrnm']==$passverlog['usernm']) {
     $_SESSION['penderr'] = 5;
     header("Location: pend_atmpt.php");
     die();
    }
   }

   $catchans = recaptcha_check_answer($catchprivkey, $_SERVER["REMOTE_ADDR"], $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]);
   if(!$catchans->is_valid) {
    $_SESSION['penderr'] = 6;
    header("Location: pend_atmpt.php");
    die();
   }

   /**
    * The following statement blocks execute 
    * form filtering techniques to prevent XSS
    * and code injection (even though it is quite
	* vulnerable).
    */
   $_POST['despaswrd'] = sha256($_POST['despaswrd']);
   $_POST['comnt'] = htmlentities($_POST['comnt'], ENT_QUOTES);
   $_POST['desusrnm'] = htmlentities($_POST['desusrnm']);
   $todate = date('Y-m-d');

   $alongquery = "INSERT INTO pendaccts VALUES('".$_POST['desusrnm']."', '".$_POST['despaswrd']."', ".$_POST['despriv'].", '".$_POST['mymail']."', '".$_POST['comnt']."', '".$todate."');";
   $dothisquery = mysql_query($alongquery) or die(mysql_error());
   echo "<center><font id='heading'>REQUEST SENT</font></center><br><br>";
   echo "Your request was sent on our server.<br>";
   echo "An administrator would approve your request depending on the reason<br>";
   echo "you have inputted in the previous field. Decisions on your request<br>";
   echo "will be sent through your e-mail address. Thank you!<br>";
  }
  else {
   echo "<p>This is the notification lobby where users who would like to have an account<br>";
   echo "for the site would receive messages regarding their input to request for an account.<br>";
   echo "To request for an account, click <a href='../../../externalaffairs/newaccnt.php'>here</a>.</p>";
  }

 }
?>

<div class="footnav" align=center>

<hr>

<a href="../../../">Main Page</a> ||
<b>Request Account</b> ||
<a href="#">Help</a> ||
<a href="#">Disclaimer</a> ||
<a href="../../../externalaffairs/links.php">Links</a> ||
<a href="#">About</a>
<br>

<span id="copyme">
&copy; 2011 Roosevelt College Science High School. All rights reserved.
</span>

</div>

</body>
</html>